Suchergebnisse

Fog computing, like any other new technology, raises concerns regarding the security and privacy of its users. In this thesis, we analyze the security of fog computing systems following a systematic approach and from multiple perspectives: device level, system level, and service level. For each perspective, we discuss the possible vulnerabilities that the system may have and highlight some possible solutions. One of the important identified assets in our study of fog platform's security is the user's personal data. Because of fog nodes' proximate location to the user, fog applications have access to significant parts of their users' personal data. Although applications expose a privacy policy describing how they handle users' personal data, the compliance of applications to their privacy policy should not be taken for granted but verified. However, manually checking whether applications actually respect the claims made in their privacy policy is both error-prone and time-consuming. In this thesis, we argue that automated privacy compliance checking in fog environment is feasible and outline a research roadmap towards the development of such systems. ; Le "fog computing," comme toute nouvelle technologie, soulève des inquiétudes des utilisateurs concernant la sécurité et la confidentialité. Dans cette thèse, nous analysons la sécurité des systèmes fog en suivant une approche systématique sous plusieurs angles : niveau matériel, niveau système et niveau service. Pour chaque perspective, nous discutons des vulnérabilités possibles que le système peut avoir et mettons en évidence quelques solutions possibles. L'un des aspects importants identifiés dans notre étude de la sécurité de la plate-forme fog est constitué des données personnelles de l'utilisateur. En raison de la proximité des nœuds fog par rapport à l'utilisateur, les applications fog ont accès à des parties importantes des données personnelles de leurs utilisateurs. Bien que les applications exposent une politique de confidentialité décrivant comment ...

Fog computing, like any other new technology, raises concerns regarding the security and privacy of its users. In this thesis, we analyze the security of fog computing systems following a systematic approach and from multiple perspectives: device level, system level, and service level. For each perspective, we discuss the possible vulnerabilities that the system may have and highlight some possible solutions. One of the important identified assets in our study of fog platform's security is the user's personal data. Because of fog nodes' proximate location to the user, fog applications have access to significant parts of their users' personal data. Although applications expose a privacy policy describing how they handle users' personal data, the compliance of applications to their privacy policy should not be taken for granted but verified. However, manually checking whether applications actually respect the claims made in their privacy policy is both error-prone and time-consuming. In this thesis, we argue that automated privacy compliance checking in fog environment is feasible and outline a research roadmap towards the development of such systems. ; Le "fog computing," comme toute nouvelle technologie, soulève des inquiétudes des utilisateurs concernant la sécurité et la confidentialité. Dans cette thèse, nous analysons la sécurité des systèmes fog en suivant une approche systématique sous plusieurs angles : niveau matériel, niveau système et niveau service. Pour chaque perspective, nous discutons des vulnérabilités possibles que le système peut avoir et mettons en évidence quelques solutions possibles. L'un des aspects importants identifiés dans notre étude de la sécurité de la plate-forme fog est constitué des données personnelles de l'utilisateur. En raison de la proximité des nœuds fog par rapport à l'utilisateur, les applications fog ont accès à des parties importantes des données personnelles de leurs utilisateurs. Bien que les applications exposent une politique de confidentialité décrivant comment ...

The level of scientific understanding of the US experience in the legal protection of information privacy does not correspond to modern technological, socio-economic, and political and legal challenges that have arisen before Ukraine. The article provides a comprehensive description of the current US legislation on the protection of information privacy in the private sector, highlights the essential features that distinguish the approaches of the American legislator in this field from others, primarily European ones, and also identify prospects for the development of American legislation, taking into account the latest threats to privacy, arising in the conditions of rapid development of information and communication technologies. The American system of information privacy protection primarily uses the so-called sectoral approach. The essence of this approach is that the protection of information privacy is carried out only within a specific aspect (context) of collecting or using information and is aimed at pre-defined sectors of public life or specific groups of people. Accordingly, federal laws are classified into several groups: 1) protecting privacy in the field of finance; 2) protecting privacy in the field of education; 4) protecting privacy in health care; 5) protecting children privacy; 6) protecting consumer privacy. The federal sectoral approach in the United States is adaptive in nature: Congress intervened to regulate information privacy when new problems arose, and it was mainly new technological developments. In other words, when a new technology threatened the information privacy or perhaps grew at an unacceptable rate, Congress provided protection through the lens of a certain sector or category of people most affected by this new technology. The US experience makes it possible to clearly understand that the protection of information privacy and what should be considered sensitive can change rapidly due to changes in the way data is collected, processed and stored by various actors. ; В статье дана комплексная характеристика действующего законодательства США по защите информационного прайвеси в частном секторе, выделены сущностные черты, отличающие подходы американского законодателя в данной сфере от других, прежде всего европейских, а также определены перспективы развития американского законодательства с учетом новейших угроз для неприкосновенности частной жизни, возникающих в условиях бурного развития информационно-коммуникационных технологий. ; У статті надано комплексну характеристику чинного законодавства США щодо захисту інформаційного прайвесі у приватному секторі, виокремлено сутнісні риси, які відрізняють підходи американського законодавця в даній сфері від інших, передусім європейських, а також визначено перспективи розвитку американського законодавства з урахуванням новітніх загроз для недоторканності приватного життя, що виникають в умовах бурхливого розвитку інформаційно-комунікаційних технологій.

The free flow if information is critical to open society. In the United States, the tradition of open information provides the intellectual oxygen for the development American freedom, knowledge, technology, and commerce. In contrast to the right to communicate and obtain information, privacy is not an established right in the United States, except with respect to physical trespass by the government and reproductive freedom. A federal privacy czar would necessarily limit the unauthorized collection, use, and dissemination of personal information. Privacy czars invariably become privacy advocates and take active stances to discourage the free flow of information about persons and limit the dissemination of such information, regardless of the impact on other equities like the right to freedom of expression. Privacy czars would be likely to attempt to bootstrap privacy rights over other protected rights, which could threaten essential American values and freedoms, including constitutional protections under the First Amendment. The present American approach, adding a counselor in the White House to advise the President and supplement the authority of the FTC, industry self-regulation, market factors, and the political process, adequately balance privacy concerns with other essential rights.

The free flow if information is critical to open society. In the United States, the tradition of open information provides the intellectual oxygen for the development American freedom, knowledge, technology, and commerce. In contrast to the right to communicate and obtain information, privacy is not an established right in the United States, except with respect to physical trespass by the government and reproductive freedom. A federal privacy czar would necessarily limit the unauthorized collection, use, and dissemination of personal information. Privacy czars invariably become privacy advocates and take active stances to discourage the free flow of information about persons and limit the dissemination of such information, regardless of the impact on other equities like the right to freedom of expression. Privacy czars would be likely to attempt to bootstrap privacy rights over other protected rights, which could threaten essential American values and freedoms, including constitutional protections under the First Amendment. The present American approach, adding a counselor in the White House to advise the President and supplement the authority of the FTC, industry self-regulation, market factors, and the political process, adequately balance privacy concerns with other essential rights.

Fog computing, like any other new technology, raises concerns regarding the security and privacy of its users. In this thesis, we analyze the security of fog computing systems following a systematic approach and from multiple perspectives: device level, system level, and service level. For each perspective, we discuss the possible vulnerabilities that the system may have and highlight some possible solutions. One of the important identified assets in our study of fog platform's security is the user's personal data. Because of fog nodes' proximate location to the user, fog applications have access to significant parts of their users' personal data. Although applications expose a privacy policy describing how they handle users' personal data, the compliance of applications to their privacy policy should not be taken for granted but verified. However, manually checking whether applications actually respect the claims made in their privacy policy is both error-prone and time-consuming. In this thesis, we argue that automated privacy compliance checking in fog environment is feasible and outline a research roadmap towards the development of such systems. ; Le "fog computing," comme toute nouvelle technologie, soulève des inquiétudes des utilisateurs concernant la sécurité et la confidentialité. Dans cette thèse, nous analysons la sécurité des systèmes fog en suivant une approche systématique sous plusieurs angles : niveau matériel, niveau système et niveau service. Pour chaque perspective, nous discutons des vulnérabilités possibles que le système peut avoir et mettons en évidence quelques solutions possibles. L'un des aspects importants identifiés dans notre étude de la sécurité de la plate-forme fog est constitué des données personnelles de l'utilisateur. En raison de la proximité des nœuds fog par rapport à l'utilisateur, les applications fog ont accès à des parties importantes des données personnelles de leurs utilisateurs. Bien que les applications exposent une politique de confidentialité décrivant comment elles traitent les données personnelles des utilisateurs, la conformité des applications à leur politique de confidentialité ne doit pas être considérée comme acquise mais vérifiée expérimentalement. Cependant, vérifier manuellement si les applications respectent réellement les clauses formulées dans leur politique de confidentialité est à la fois sujet aux erreurs et chronophage. Dans cette thèse, nous montrons que la vérification automatisée de la conformité à la confidentialité dans un environnement fog est faisable, et présentons une feuille de route de recherche vers le développement de tels systèmes.